Programmable integrated circuit devices (IC) are a well-known type of IC that can be programmed to perform specified logic functions. One type of programmable IC, the field programmable gate array (FPGA), typically includes an array of programmable tiles. These programmable tiles can include, for example, input/output blocks (IOBs), configurable logic blocks (CLBs), dedicated random access memory blocks (BRAM), multipliers, digital signal processing blocks (DSPs), processors, clock managers, delay lock loops (DLLs), and so forth.
Each programmable tile typically includes both programmable interconnect circuitry and programmable logic circuitry. The programmable interconnect circuitry typically includes a large number of interconnect lines of varying lengths interconnected by programmable interconnect points (PIPs). The programmable logic circuitry implements the logic of a user design using programmable circuit elements that can include, for example, function generators, registers, arithmetic logic, and so forth.
The programmable interconnect circuitry and programmable logic circuitry are typically programmed by loading a stream of configuration data into internal configuration memory cells that define how the programmable elements are configured. The configuration data can be read from memory (e.g., from an external PROM) or written into the FPGA by an external device. The collective states of the individual memory cells then determine the function of the FPGA.
Another type of programmable IC is a complex programmable logic device, or CPLD. The CPLD includes two or more “function blocks” connected together and to input/output (I/O) resources by an interconnect switch matrix. Each function block of the CPLD includes a two-level AND/OR structure similar to those used in programmable logic arrays (PLAs) and programmable array logic (PAL) devices. In CPLDs, configuration data is typically stored on-chip in non-volatile memory. In some CPLDs, configuration data is stored on-chip in non-volatile memory, then downloaded to volatile memory as part of an initial configuration (programming) sequence.
For all of these programmable ICs, the functionality of the device is controlled by data bits provided to the device for that purpose. The data bits can be stored in volatile memory (e.g., static memory cells, as in FPGAs and some CPLDs), in non-volatile memory (e.g., FLASH memory, as in some CPLDs), or in any other type of memory cell.
Other programmable ICs are programmed by applying a processing layer, such as a metal layer, that programmably interconnects the various elements on the device. These programmable ICs are known as mask programmable devices. Programmable ICs can also be implemented in other ways, e.g., using fuse or antifuse technology. The phrase “programmable IC” can include, but is not limited to these devices and further can encompass devices that are only partially programmable. For example, one type of programmable IC includes a combination of hard-coded transistor logic and a programmable switch fabric that programmably interconnects the hard-coded transistor logic.
As ICs, including programmable ICs, increase in size and number of components, the probability that a manufacturing or design fault will occur within the ICs also increases. These manufacturing and design faults can render the IC inoperable. Design-for-test (DFT) features implemented within the IC are intended to detect manufacturing and design faults that can affect the operability of the IC. One such DFT feature is the implementation of scan chains within the IC.
In general, a “scan chain” refers to a series of flip-flops within an IC that are coupled together. Each flip-flop of the scan chain is coupled to the next nearest flip-flop within the IC thereby forming, in effect, a shift register. Although additional flip-flops used only for the purpose of scan chain implementation may be necessary, in some cases, scan chains can be implemented solely with flip-flops that already exist as part of the operational circuitry of the IC, thereby performing a dual purpose.
Scan chains generally can be thought of in terms of test scan chains and result scan chains. A test scan chain typically is implemented to provide input DFT data to a particular circuit region or particular circuit device within the IC. A result scan chain typically is implemented to receive output DFT data from a particular circuit region or a particular circuit device within the IC.
Within a test scan chain, each flip-flop can be implemented with a first input that receives operational data for use in operational functions of the IC, e.g., non-scan chain related functions. Each flip-flop further can include a second input that provides a side channel through which test data, e.g., input DFT data, can be input to the flip-flop. Through an input port coupled to a first flip-flop of the test scan chain, the input DFT data can be clocked, or sequenced, through each flip-flop within the test scan chain. The input DFT data received by each flip-flop can be a test input to a particular section of circuitry, or a particular device, within the IC undergoing fault testing. For example, the input DFT data that is output from a first flip-flop of the test scan chain can serve as a first test input to a first circuit region of the IC. The input DFT data that is output from a second flip-flop of the test scan chain can serve as a second test input provided to a second circuit region of the IC.
Within a result scan chain, each flip-flop can be implemented with a first input that receives operational data for use in operational functions, i.e., non-scan chain related functions, within the IC. Each flip-flop within the result scan chain also can include a second input that receives output DFT data from a section of circuitry, or a device, within the IC being tested for faults. Through an output port coupled to a last flip-flop of the result scan chain, output DFT data can be output from each flip-flop of the result scan chain. For example, the output DFT data that is input to a first flip-flop of a result scan chain can be received from a first selected region of circuitry of the IC. The output DFT data that is input to a second flip-flop of the result scan chain can be received from a second selected region of circuitry of the IC.
Thus, input DFT data such as a test vector can be propagated through the test scan chain to selected portion of the IC for testing. The test vector can set each particular section of circuitry within the IC to be tested for faults to a known state. Subsequently, each section of circuitry can be executed for one clock cycle and the resulting output DFT data from each section of circuitry can be input to the result scan chain. The output DFT data can be propagated out of the result scan chain as a result vector. The result vector can be compared to expected results to determine a number and a location of manufacturing and design faults within the IC.
Although useful for testing and debugging ICs, scan chains can create security vulnerabilities since scan chains can, in some circumstances, provide unauthorized users, e.g., “attackers,” with access to sensitive data stored within the IC. For example, using physical attacks, unauthorized users can input data vectors to, and output data vectors from, the scan chain while placing the IC in an operational mode. In this manner, internal operational features and circuit implementations within the IC can be ascertained by the attacker via a comparison of the input to, and resulting output from, the scan chains.